
Retail

 

Helping Payment Card Processors Continually Monitor and Assess PCI Security

Accepting credit cards is a necessity for today’s retailers, whether they conduct business through brick-and-mortar stores or e-commerce websites. But when cardholder data is the target of malicious activity or theft, it impacts every organization and stakeholder in the credit card processing system, including merchants, service providers, financial institutions, point-of-sale vendors, hardware/software developers and customers.

To help protect payment card transactions and cardholder data, all card brands require companies that process payment card data to demonstrate compliance with the Payment Card Industry Data Security Standard (PCI DSS). This baseline standard of operational controls and technical security requirements was designed to protect payment card transactions and cardholder data from malicious activity and theft.

Get the Solution Story

PCI Compliance

Learn how Tenable SecurityCenter CV helps you proactively monitor and maintain your PCI compliance posture.


PCI security must be continuous

Many companies believe that demonstrating PCI DSS compliance once a year is sufficient. It is not. Retailers and other credit card processors must take steps to ensure PCI security is continuous and ongoing. Safeguards and controls must be in place at all times to protect the security of both payment card data and your business.

If your company is involved in credit card processing, Tenable offers a comprehensive security resource that performs PCI vulnerability scanning to continuously monitor and assess PCI security and helps demonstrate ongoing compliance to PCI DSS.

“The support alone earns my recommendation. While it’s difficult to quantify security ROI for any distributed and highly complex IT environment, we can see results everywhere.” Shan Lee, Head of Information Security, JUST EAT

Meet all internal and external PCI vulnerability scanning requirements

With Tenable, users can meet both internal and external vulnerability scanning requirements for PCI (PCI DSS 11.2). All Tenable products can perform internal vulnerability scanning of cardholder data and retail locations, including all versions of Nessus, the world’s most widely deployed vulnerability scanner (Professional, Manager and Cloud), SecurityCenter and SecurityCenter Continuous View (CV). Nessus Cloud can be used to meet the external scanning requirements of PCI DSS.

With SecurityCenter CV, retailers and service providers can comply with additional PCI DSS requirements, including logging and monitoring all systems and events, with automated review to quickly detect suspicious events (PCI DSS 10.5 - 10.8). Users can also comply with requirements regarding change detection notification, including setting up alerts when applications, files, or system objects are changed (PCI DSS 11.5).

SecurityCenter CV also provides continuous compliance monitoring for PCI DSS by providing PCI vulnerability scanning, centralized logging and log review, change detection notification and centralized intelligence through purpose-built dashboards, reports and Assurance Report Cards (ARCs). It delivers the continuous visibility, critical context and actionable intelligence you need to monitor all required PCI technical controls and ensure ongoing PCI DSS compliance at all times.

Continuously Monitor, Measure and Report PCI Compliance


Whitepaper: How to Enable PCI DSS Continuous Compliance


Many companies view PCI security as a once-a-year project. However, taking a minimalistic approach to PCI DSS compliance shows only that a company meets its requirements at one point in time. According to the 2016 Verizon Data Breach Investigations Report, “89% of breaches had a financial or espionage motive,” and “the time to compromise is almost days or less, if not minutes or less.” Therefore, securing cardholder data requires continuous and uninterrupted PCI security and compliance.

Tenable helps retailers, merchants and other credit card processors meet all PCI vulnerability scanning requirements, both internal and external. All Tenable products – Nessus Professional, Nessus Manager, Nessus Cloud, SecurityCenter and SecurityCenter Continuous View (SecurityCenter CV) – can perform PCI internal vulnerability scanning. External scanning can be performed with Nessus Cloud, the company’s PCI Certified ASV service.

How Tenable Can Help

Learn about Nessus Professional, Nessus Manager, Nessus Cloud.


Learn more about the customizable dashboards and reports of SecurityCenter.


Learn more about the continuous monitoring of SecurityCenter CV.
